General

  • Target

    ea8e3632cc014498f1ff82398d0a40d1_JaffaCakes118

  • Size

    444KB

  • Sample

    241213-h83ngstpbp

  • MD5

    ea8e3632cc014498f1ff82398d0a40d1

  • SHA1

    a84c99f40e048e61980b2d7a5a987aa8a7894949

  • SHA256

    0e49f713d8428e6fa3cd7d888c26d6ec452cd3537904e8d6cef38b9207fc74fd

  • SHA512

    0245d75b71654ca18b0bea8ebe2d1d725d6bef90755bd818675938525dd73f96006e87bcbd0dead45f4dc81f3dd725952490f85f64a6586dc9de0d62debe9115

  • SSDEEP

    12288:0A+9QKbU1mNjno+HuY/bYaQbd6+6eKka/x/2c9PFboEXpq:xKbUAjoWM9+eKkaj5q

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • Target

      ea8e3632cc014498f1ff82398d0a40d1_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks